Security on the fly

Biometric identification technology is making quite a mark in the Middle East.

Biometric identification technology is making quite a mark in the Middle East. The past year has seen a number of major biometrics deploymentst, including a frequent-flyer fasttrack check in at Dubai Airport, a system for registering pilgrims going on Haj to Saudi Arabia, and another scheme in the UAE to track illegal immigrants.

The Dubai government is also considering including a biometric element to its proposed national identity card scheme. Without having to address the concerns of citizens in the same way that governments elsewhere have, the authorities in the Gulf have wholeheartedly embraced biometrics as an efficient way to track and identify their populations.

But biometrics is not just confined to high-end projects in the corporate and government sectors, and may prove to be a vital element in addressing a growing problem—mobile security. As notebook and PDA sales continue to race along in the Middle East, so the number of mobile users continues to grow. And while most home consumers don’t often take their notebooks out of their homes, the corporate user is much more likely to be carrying their laptop from home to office to airport lounge and so on—all of which increases the risk of theft.

Even just the thousand or so dollars that your average notebook costs make it worthwhile investing in greater security, let alone any corporate data on the device, yet mobile security is overlooked by the vast majority of users.

There are solutions to mobile security, but traditionally these have either fallen into the cable lock category—one step up from a bicycle chain, and no real use in stopping someone from getting data from a stolen hard drive—or the PC card alarms such as Targus’ DEFCON series, which provide a good level of both data and hardware protection, but don’t seem to have widespread adoption by corporate notebook users.

Another solution comes from software such as Computrace from Canadian company Absolute Software. This ingenious solution comprises a tamper-proof software agent that resides on a laptop hard drive. Every time the notebook goes online, the software agent logs on to servers operated by the software company or its partners, in the background to normal activity.

If the laptop is stolen, the user alerts the server host, and now if the stolen device is connected to the Internet, Computrace will trace the IP address of the machine, even through a firewall, the phone number where dial up is being attempted from and can even remotely delete all data from the user area of the hard drive. The service has resulted in the recovery of a number of stolen laptops, and even in the cases where hardware was found to be unrecoverable (it had been shipped to Nigeria), it could still prevent the stolen notebooks from being used online, by wiping the hard drive each time.

But while these services are good for recovering hardware and possibly catching the thieves, they still don’t prevent data theft completely, which is potentially where biometrics comes in. Last month saw the release of the first HP iPaq with onboard finger print scanner, to provide user authentication. PC Card or USB fingerprint scanners have been available for some time for desktops and notebooks, but the trend to include an integral reader is relatively new.

Of course the biometrics technology is really acting as a super-strength password or key, and is only as good as the encryption that protects the data from unauthorised eyes, but it is a better deterrent to a casual snooper who might otherwise try to have a look through an unattended laptop, and to the thief who might think twice if he can see the fingerprint reader when he wouldn’t be able to see the tracking software or alarm.

Biometrics will also provide a much greater degree of secure authentication than just a password as would. There are some issues to the technology—for example, if you accidentally lock up your iPaq, how easily can you get it reactivated? Some time ago a colleague with a rather fancy Italian sports car lost his car keys.

These weren’t just any keys mind, but a special computer-coded set, and unfortunately he had only one set. His local car dealer couldn’t help, as a new set of keys had to specially cut and sent from Italy, a process that took three weeks (all the while leaving his car sitting there gathering dust).

Hopefully the hardware vendors will have thought the problem through a little better than the car manufacturers—otherwise an accidental lock up of a notebook could result in a long separation from your business information.

There are concerns about just how robust biometric technology is, with various stories of systems being fooled by fake fingers made of jelly, and other Hollywood stuff, and there is also the problem of not being able to handover biometric access in situations of duress (think bank robbers with bolt cutters) but with more and more mobile users, the mobile security problem needs solutions, and biometrics might just be one of them.